summaryrefslogtreecommitdiff
path: root/quickjs-libc.c
diff options
context:
space:
mode:
Diffstat (limited to 'quickjs-libc.c')
-rw-r--r--quickjs-libc.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/quickjs-libc.c b/quickjs-libc.c
index 2e77950..01c9db4 100644
--- a/quickjs-libc.c
+++ b/quickjs-libc.c
@@ -1335,7 +1335,7 @@ static JSValue js_std_urlGet(JSContext *ctx, JSValueConst this_val,
DynBuf header_buf_s, *header_buf = &header_buf_s;
char *buf;
size_t i, len;
- int c, status;
+ int status;
JSValue response = JS_UNDEFINED, ret_obj;
JSValueConst options_obj;
FILE *f;
@@ -1363,17 +1363,20 @@ static JSValue js_std_urlGet(JSContext *ctx, JSValueConst this_val,
js_std_dbuf_init(ctx, &cmd_buf);
dbuf_printf(&cmd_buf, "%s '", URL_GET_PROGRAM);
- len = strlen(url);
- for(i = 0; i < len; i++) {
- switch (c = url[i]) {
+ for(i = 0; url[i] != '\0'; i++) {
+ unsigned char c = url[i];
+ switch (c) {
case '\'':
+ /* shell single quoted string does not support \' */
dbuf_putstr(&cmd_buf, "'\\''");
break;
case '[': case ']': case '{': case '}': case '\\':
+ /* prevent interpretation by curl as range or set specification */
dbuf_putc(&cmd_buf, '\\');
/* FALLTHROUGH */
default:
dbuf_putc(&cmd_buf, c);
+ break;
}
}
JS_FreeCString(ctx, url);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 06:34:44 +0000